Hello 0x00sec
As far as I am concerned, Python is widely used for writing hacking tools such as RATs (currently I am working on something of this sort), etc.

For sure, when I send my gift to the victim I won't ask him first to install Python so that I can hack him.

So, the way I know is to fool him with an executable that should not require any Python to work.

Exploring the various solutions for going from Python to an exe, I found that, firstly, I can use something like py2exe, PyInstaller, etc.

The problem is that they result in a huge exe, which surely raises suspicion.

The other solution is to compile Python to C (using Cython or Nuitka) and then go to an exe.

I have tried this solution and found tons of problems, all due to imports I made. After spending some time, I reached my first exe (plus the Python DLL, unfortunately),
and unfortunately again, it didn't work outside my PC.

I hope to get here any solution or detailed guide on how to solve this problem (how to get a very, very small standalone that can be used in real hacking situations),
or how real hackers who use Python deal with this.

Hello! (I assume this is for educational purposes only.)
This can be a double-edged sword.
You cannot know if the target has Python installed (most sysadmins on Linux delete Python for security reasons). Even if Python is installed, there are two versions (2.7 and 3.6). They have differences, and if you program in Python 2 it won't work on Python 3, and vice versa. Also, you have to know which OS you are attacking. Is it Windows- or Linux-based? If it is Windows, I would suggest you use a RAT written in C or C++. If it is Linux, most Linux distributions come by default with Python 2 installed. So, the essential step here is reconnaissance. You have to obtain as much information as you can before attacking. If you miss only one small thing, the attack may fail.

I won't write any how-to or what-to, and I hope that this will be enough for you. Depending on what you want, I would suggest you take a look at setoolkit and msf. Maybe they will be helpful.

Honestly, I don't think any legit, serious hacker uses Python RATs, and not to offend you or anything, but just because you can build something in language X does not mean you should use it. Hell, I can build malware in Brainfuck, but it doesn't mean that I should. "Use the right tool for the right job" or you'll just end up with inelegant situations like the one in which you currently find yourself. Respect this rule.

So, possible solutions to your problem…

First, if you are entirely serious about developing Windows malware, I suggest you leave Python and learn C and/or C++ and then port your Python code to it (as @Joe_Schmoe did with STELF).

If the above is not a viable solution and you must use your Python scripts, then fine, but for this you may still require a minimum knowledge of C or C++, or at least one of Microsoft's scripting languages such as PowerShell, VBScript or JScript. How this works is you develop what is called "multi-staged malware", in which you push your malware out in multiple stages. Self-explanatory.

Your first stage is to, using one of the supported languages I’ve just mentioned or a compiled binary, develop an application that will silently install Python onto the system.

When that has been successfully achieved, your application reaches out to the internet, downloads your Python scripts and executes them (again, silently).

This is a purely theoretical situation that I’ve come up with and relies entirely on the fact that you can silently install Python. This can be done either through an official installer (not sure if there’s an option for this) or unofficially where your initial stage malware downloads all the binaries and other components onto the machine.

You can also use PyInstaller, py2exe or Nuitka (personally, PyInstaller fared very well) to turn your scripts into an executable. However, the executables are very large, in the tens of megabytes, compared to e.g. Meterpreter, which is about a megabyte. You also lose out on stealth, and using the WinAPI can be difficult.


First, thanks for trying to help.
I have experience in C/C++ (which I can judge as very good), but in other fields such as game development, image processing, embedded systems, etc., from that engineering stuff (this is my field of study, after all).
But I haven't taken the step towards using it in security matters and trojans, and as I said, it is my first time.
So, I selected Python as it is easier to work with, and if the whole experiment succeeds I can later give it a try in C++.

Apart from this, I understand now that malware, RATs, etc. are written in C++/C, am I right?
If so, why do a lot of websites, etc. say that Python is used widely in this field, although everyone should get stuck in the situation I am in now?

Other questions:

dtm:

First, if you are entirely serious about developing Windows malware, I suggest you leave Python and learn C and/or C++ and then port your Python code to it (as @Joe_Schmoe did with STELF).

Do you mean starting from my Python scripts, or writing the whole code again in C++?

dtm:

Your first stage is to, using one of the supported languages I’ve just mentioned or a compiled binary, develop an application that will silently install Python onto the system.

When that has been successfully achieved, your application reaches out to the internet, downloads your Python scripts and executes them (again, silently).

Have you seen an implementation, so that I have reference code for this instead of drawing on water?

In that case, feel free to explore!
So, assuming you already have what you need, you need to deliver it somehow. It depends on the location of you and the target: if you are far away (across the world), you can craft a phishing mail and send a link with a RAT. Another method, if you and the target are close to each other, is to always use a USB drop. This will work if the target is an enterprise and workers are passing through. Those are examples; there are many more social engineering techniques, and you can be creative and combine them all together. Distributing is a matter of tricking the user into something. If you can trick him into downloading and running a file, you can do everything. Keep in mind that standard phishing mails won't work, since more and more people are aware of this. I didn't tell you anything specific because there are tons of ways to do something like that. Be creative, my friend!

If so, why do a lot of websites, etc. say that Python is used widely in this field

Python may be used widely in this field either because it's quick and/or easy to write tools, especially because of the extensive libraries that were built for it, and for automation purposes, which is one of the great strengths of Python. Because it's a scripting language, it requires an interpreter to run, and that is the exact opposite of what you want for malware, which favours fewer dependencies. This is one of the primary reasons why C and C++ are dominant for malware development.

BlackSteelCannon:

Do you mean starting from my Python scripts, or writing the whole code again in C++?

I mean you should rewrite the entirety in C++. Completely abandon Python for malware development purposes if you are targeting Windows and are serious about it.

BlackSteelCannon:

Have you seen an implementation, so that I have reference code for this instead of drawing on water?

Yes, I've seen implementations of downloader malware, but I have yet to see any for languages that are not natively supported under Windows, such as Python, Ruby, Lua, etc. It's a very trivial matter:

Upload your Python binaries onto a server

Your first-stage malware downloads the binaries from the server into a folder on the system

Your first-stage malware downloads the main malware from the server onto the system

Your first-stage malware executes your main malware by calling the downloaded Python executable with your main malware’s path as a command line argument

Honestly, I don't think any legit, serious hacker uses Python RATs, and not to offend you or anything, but just because you can build something in language X does not mean you should use it. Hell, I can build malware in Brainfuck, but it doesn't mean that I should. "Use the right tool for the right job" or you'll just end up with inelegant situations like the one in which you currently find yourself. Respect this rule.

While this is generally true, the tool for the job is often the tool that is already on the system. Empire has made an entire framework out of tools that are already embedded on the system (PowerShell for Windows and Python for Mac/Unix/Linux). Many professionals have shown the capability and power of these tools without criticizing the language they are written in. I follow the idea that the attacker needs to be flexible with any tool that is usable on the system.

That being said, when putting Windows in your crosshairs, I agree that the go-to should not be Python. But that does not render Python obsolete in the RAT game.

@BlackSteelCannon Golang is becoming increasingly common to solve issues like this. While Python may be a fantastic learning tool, if you are seriously going to deploy on Windows, look into tools that are either cross-platform natively (Merlin), or built for the task of taking on Windows.

Meterpreter has actually compiled a Python interpreter in so that Python code can be executed on the host without “installing” it. Maybe you could deploy something like that.

They didn’t package Python as an exe. I suggest reading through some documentation to learn more about how some of these deployment systems work to get an understanding before asking questions. Meterpreter installs an interpreter onto the system and then you run your .py files through the interpreter

That is true. There have been some attempts to compile Go into C and then compile the C into a DLL for injection, but that is janky at best. C# is nice for basic things. If you are getting into Windows services, then try out C++ instead, though, as C# does some auto-logging and takes away a little bit of control.